libtomcrypt

Working with cryptography; turns out it’s not so simple

While coming up with a new list format for PeerGuardian 3, I decided it should have built in digital signatures, so everyone getting lists can verify the integrity and who the list came from.

Although I’ve used crypto systems like GPG before and understood the basics of it, I’d never implemented one myself. So after much research, I decided on LibTomCrypt due to its simple API, stellar documentation, and support for modern algorithms like AES and ECC. Being entirely in the public domain is a good perk, too.

The first iteration is a very basic public key system. After further reading, I’ve decided it would be useful to implement a full public key infrastructure – that is, signed keys and possibility of revocation. This allows Phoenix Labs (or anyone else) to sign other public keys to verify they’re legit and trustworthy, and later revoke the key if something happens with it (such as the private key being leaked).

All in all, it’s turning out to be a lot more work than I expected, but I don’t mind – it’s something new and interesting, which seems to happen less and less these days.